1. Field of Invention
The present invention pertains to the field of software systems. More particularly, this invention relates to resource access control in a software system.
2. Art Background
Software programs executing on a computer system commonly make use of resources available through the computer system. Such resources commonly include files, databases, memory segments and application programs, as well as devices such as storage devices, printers, communication devices and display devices, to name only a few examples. Such resources may be local resources of the computer system or may be remote resources accessible via a network connection to one or more other computer systems of a distributed system. A software program executing on the computer system that accesses resources is hereinafter referred to as a task.
Prior computer systems typically include an operating system that provides access control to the resources of the computer system. A task usually generates an access request that specifies a particular resource and that specifies a particular operation to be performed on the particular resource. For example, a task usually accesses a file by generating an access request that specifies a file name and a particular operation to be performed such as read file, write file, or read and write file. The operating system in a prior computer system usually provides access control by determining whether the requesting task is to be allowed to perform the particular operation on the particular resource.
Some prior operating systems maintain access control lists (ACLs) which are used in rendering access control decisions. An ACL for a resource typically includes a list of users and their associated permissions with respect to the resource. For example, an ACL for file1 may specify that user1 has read permission and user2 has read and write permission for file1. Typically, the operating system denies a request from a task associated with user1 for a write operation on file1 in response to the ACL for file1. On the other hand, the operating system usually allows a request from a task associated with user2 for a write operation on file1 in response to the ACL for file1.
Unfortunately, ACLs can become prohibitively large and unwieldy if a computer system is to service potentially large numbers of users. This problem may arise in networks such as large intranets or in the Internet in which the number of users that can potentially access a resource is extremely large.
Other prior operating systems allocate capability lists (CLs) to individual users. A CL for a user typically includes a list of resources and the associated permissions with respect to each resource. For example, a CL allocated to user1 may specify read permission for file1 and read and write permission for file2.
Typically, CLs are objects contained within the operating environment of a user and as such may be subject to modification by the user. Unfortunately, this may create security problems in a computer system by enabling a user to obtain greater access rights than were originally allocated. In addition, CLs may cause permissions to proliferate among users and may complicate the ability of an operating system to revoke the permissions of individual users.
3. Summary of the Invention
A software system is disclosed that provides access control to resources and that disassociates access rights to resources from references to resources to prevent the formation of large and unwieldy access control lists and to enable advanced decentralized security controls. The software system includes a repository that holds a resource descriptor for each resource. Each resource descriptor includes a set of lock/permission pairs for the corresponding resource. The software system includes a resource mediator that obtains a request for access to a particular resource of the resources. The request provides a set of keys. In response, the resource mediator generates a set of unlocked permissions by comparing each key to each lock of the lock/permission pairs for the particular resource so that a permission of the lock/permission pairs is unlocked if at least one of the keys matches the corresponding lock. The resource mediator forwards the unlocked permissions to a resource handler for the particular resource, which interprets the unlocked permissions.
Access to particular resources or groups of resources is provided by giving users the appropriate keys. The keys are themselves resources with resource descriptors in the repository. Access rights for users may be revoked by deleting keys from the repository. The software system also provides visibility fields for compartmentalizing access to resources. In addition, the software system provides decentralized authorizers that maintain audit trails for resources and that enable advanced security control for access to resources.
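The following is an added worked example, not code from the patent, that models the mechanism described in the two preceding paragraphs: a repository of resource descriptors carrying lock/permission pairs, a resource mediator that unlocks a permission when at least one presented key matches its lock, a handler that interprets the unlocked permissions, keys stored as resources so that deleting a key revokes access, a visibility field used as a compartment check, and an authorizer that keeps an audit trail. Everything beyond the patent's description is an assumption of this example: a key is taken to match a lock when the key's name equals the lock value, the visibility field is modelled as a set of compartment names, and the class and method names (Repository, ResourceMediator, FileHandler, Authorizer, build_demo) are hypothetical.

```python
"""Lock/permission access control with keys as revocable resources.

Added example; assumes a key matches a lock when the key name equals the lock
value, and models the visibility field as a set of compartment names.
"""
from dataclasses import dataclass, field


class FileHandler:
    """Hypothetical resource handler: interprets unlocked permissions for a file."""

    def __init__(self, content=""):
        self.content = content

    def perform(self, operation, unlocked, data=None):
        # The handler, not the mediator, decides what each permission allows.
        if operation not in unlocked:
            raise PermissionError(f"'{operation}' is not unlocked")
        if operation == "read":
            return self.content
        if operation == "write":
            self.content = data
            return len(data)
        raise ValueError(f"unknown operation '{operation}'")


@dataclass
class ResourceDescriptor:
    name: str
    lock_permissions: list = field(default_factory=list)  # [(lock, permission), ...]
    visibility: frozenset = frozenset({"default"})        # assumed: compartment names
    handler: object = None                                # None for keys


class Repository:
    """Holds one descriptor per resource; keys are resources too."""

    def __init__(self):
        self._descriptors = {}

    def add(self, descriptor):
        self._descriptors[descriptor.name] = descriptor

    def delete(self, name):
        # Deleting a key's descriptor revokes every permission that key unlocks.
        self._descriptors.pop(name, None)

    def get(self, name):
        return self._descriptors.get(name)


class Authorizer:
    """Decentralized authorizer that records an audit trail per decision."""

    def __init__(self):
        self.audit_trail = []

    def record(self, resource, keys, unlocked, operation, outcome):
        self.audit_trail.append({
            "resource": resource, "keys": sorted(keys),
            "unlocked": sorted(unlocked), "operation": operation, "outcome": outcome,
        })


class ResourceMediator:
    def __init__(self, repository, authorizer):
        self.repository = repository
        self.authorizer = authorizer

    def unlocked_permissions(self, resource_name, keys):
        descriptor = self.repository.get(resource_name)
        if descriptor is None:
            raise KeyError(resource_name)
        # A presented key only counts if its descriptor still exists in the repository.
        live_keys = {k for k in keys if self.repository.get(k) is not None}
        # A permission is unlocked if at least one live key matches its lock.
        return {perm for lock, perm in descriptor.lock_permissions if lock in live_keys}

    def access(self, resource_name, keys, operation, compartment="default", data=None):
        descriptor = self.repository.get(resource_name)
        if descriptor is None or compartment not in descriptor.visibility:
            # Visibility check: outside its compartments the resource is not even visible.
            self.authorizer.record(resource_name, keys, set(), operation, "invisible")
            raise PermissionError(f"'{resource_name}' is not visible from '{compartment}'")
        unlocked = self.unlocked_permissions(resource_name, keys)
        outcome = "allowed" if operation in unlocked else "denied"
        self.authorizer.record(resource_name, keys, unlocked, operation, outcome)
        return descriptor.handler.perform(operation, unlocked, data)


def build_demo():
    """Constructed sample data: two keys and one file, all in one repository."""
    repo, auth = Repository(), Authorizer()
    for key_name in ("key-readers", "key-editors"):
        repo.add(ResourceDescriptor(name=key_name))  # keys are resources
    repo.add(ResourceDescriptor(
        name="file1",
        lock_permissions=[("key-readers", "read"),
                          ("key-editors", "read"), ("key-editors", "write")],
        visibility=frozenset({"engineering"}),
        handler=FileHandler("hello"),
    ))
    return repo, auth, ResourceMediator(repo, auth)


if __name__ == "__main__":
    repo, auth, mediator = build_demo()
    print(mediator.access("file1", {"key-editors"}, "read", compartment="engineering"))
    repo.delete("key-editors")  # revocation: the key no longer unlocks anything
    print(mediator.unlocked_permissions("file1", {"key-editors"}))
```

Note that the mediator never consults a per-user list: the resource descriptor names only locks, and whoever presents a matching live key gets the permission, which is what keeps the descriptor small regardless of how many users exist. Revocation is a single repository deletion, and a requester who keeps presenting the deleted key's name is simply ignored because the key's descriptor is gone.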
Other features and advantages of the present invention will be apparent from the detailed description that follows.